Segmentation fault in Reader.gets() #205

@gabe-sherman

Description

A segmentation fault occurs in the below code when provided with the corresponding input. This is occurring at line 81 in src/reader.c, in the tryParentize function.

import hiredis
import sys

data = open(sys.argv[1], "rb").read().decode("utf-8")
r = hiredis.Reader()
r.feed(data)
r.gets()

Environment Info

Commit: 5b34a0e

POC File:

https://github.com/FuturesLab/POC/blob/main/hiredis-py/poc-01

To reproduce

python3 <filename>.py POC

Stack Trace

AddressSanitizer:DEADLYSIGNAL
=================================================================
==523352==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5555556d2685 bp 0x7ffff6588b00 sp 0x7fffffffd4d0 T0)
==523352==The signal is caused by a READ memory access.
==523352==Hint: address points to the zero page.
    #0 0x5555556d2685 in PyTuple_GetItem (/usr/bin/python3.10+0x17e685) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #1 0x7ffff72364cc in tryParentize hiredis/lib/src/reader.c:81:42
    #2 0x7ffff723d956 in processLineItem lib/vendor/hiredis/read.c:378:23
    #3 0x7ffff723e16e in processItem lib/vendor/hiredis/read.c:639:16
    #4 0x7ffff723e16e in redisReaderGetReply lib/vendor/hiredis/read.c:763:13
    #5 0x7ffff7236c3a in Reader_gets /lib/src/reader.c:370:9
    #6 0x5555556c5caf  (/usr/bin/python3.10+0x171caf) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #7 0x5555556c9a73 in _PyEval_EvalFrameDefault (/usr/bin/python3.10+0x175a73) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #8 0x5555557adf55  (/usr/bin/python3.10+0x259f55) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #9 0x5555557ade25 in PyEval_EvalCode (/usr/bin/python3.10+0x259e25) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #10 0x5555557d4807  (/usr/bin/python3.10+0x280807) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #11 0x5555557cf00e  (/usr/bin/python3.10+0x27b00e) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #12 0x5555557d45a4  (/usr/bin/python3.10+0x2805a4) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #13 0x5555557d3b87 in _PyRun_SimpleFileObject (/usr/bin/python3.10+0x27fb87) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #14 0x5555557d3866 in _PyRun_AnyFileObject (/usr/bin/python3.10+0x27f866) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #15 0x5555557c7e5d in Py_RunMain (/usr/bin/python3.10+0x273e5d) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #16 0x5555557a1e6c in Py_BytesMain (/usr/bin/python3.10+0x24de6c) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)
    #17 0x7ffff7029d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7ffff7029e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x5555557a1d64 in _start (/usr/bin/python3.10+0x24dd64) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/bin/python3.10+0x17e685) (BuildId: 03724df5fa5f91297011babc87bdf1830a7cb4dd) in PyTuple_GetItem
==523352==ABORTING
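
Added example, not part of the original report or of hiredis-py: a regression harness that runs the reproducer above in a child interpreter, so a native crash in the C extension is reported as a verdict instead of taking down the test runner. The names `HIREDIS_CHILD`, `classify` and `run_isolated` are hypothetical, and the default child assumes `hiredis` is installed.

```python
import signal
import subprocess
import sys

# The report's reproducer, rewritten to take the input on stdin (assumes hiredis is installed).
HIREDIS_CHILD = (
    "import sys, hiredis\n"
    "data = sys.stdin.buffer.read().decode('utf-8')\n"
    "r = hiredis.Reader()\n"
    "r.feed(data)\n"
    "r.gets()\n"
)


def classify(returncode, stderr=b""):
    """Turn a child's exit status and stderr into a triage verdict."""
    if returncode < 0:
        # POSIX: subprocess reports death by signal N as returncode -N.
        try:
            return "crash:" + signal.Signals(-returncode).name
        except ValueError:
            return "crash:signal-%d" % -returncode
    if b"AddressSanitizer" in stderr:
        # Sanitizer builds print a report and exit non-zero instead of dying by signal.
        return "crash:asan"
    return "ok" if returncode == 0 else "exception"


def run_isolated(payload, child_code=HIREDIS_CHILD, timeout=10):
    """Run child_code in a fresh interpreter with payload (bytes) on stdin."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code],
            input=payload,
            capture_output=True,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode, proc.stderr)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(run_isolated(fh.read()))
```

A fixed reader should yield `ok` or `exception` for the POC file; any `crash:*` verdict means the parser still faults on it.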
